Add OPAM to osv.dev

[hannesm]

For #4581

Please note that I'm not an experienced Python programmer, happy to get feedback on this.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[AlexandreEXFO]

@hannesm : The list of data sources in the documentation could also be updated to add this new source. https://github.com/google/osv.dev/blob/master/docs/data.md

This updates this page: https://google.github.io/osv.dev/data/

[hannesm]

@hannesm : The list of data sources in the documentation could also be updated to add this new source. https://github.com/google/osv.dev/blob/master/docs/data.md

This updates this page: https://google.github.io/osv.dev/data/

Thanks for your comment. FYI, this is not mentioned in the issue template for a new source (see #4581).

[hannesm]

Anything I can do to move this forward? It looks like CI systems await approval (though I can't see the oss-vdb worker output).

[AlexandreEXFO]

@cuixq @another-rex

[another-rex]

/gcbrun

[another-rex]

/gcbrun

[another-rex]

I believe you can run most of the tests locally as well

make lib-tests
make lint

See Makefile for other tests available, but I think lib-tests is the one you need, though it will require you to have the poetry installed. (See CONTRIBUTING.md for full list of prerequisites. )

[another-rex]

/gcbrun

[another-rex]

/gcbrun

[another-rex]

LGTM, though please fix the linting issues.

Use make lint to run the linter locally.

yapf -i <file> to format the file.

[hannesm]

@another-rex thanks for your review and insight. I pushed a commit with the formatted file.

A make lint didn't work for me - I'm using a FreeBSD laptop, and was afraid of the amount of dependencies. Hope that autoformat is sufficient.

EDIT: Sorry I messed up the git state and did a rebase onto master and a force-push.

[michaelkedar]

looking at the response for opam-repository, the name field is in the form opam-repository.2.0.0, where I presume the version is supposed to be 2.0.0 (judging by the OSV record)

Maybe this should be x['name'].removeprefix(package + '.')?
(Are package names case-sensitive, or are they always lower-case?)

[hannesm]

the removeprefix is done in bacbfa7

(Are package names case-sensitive, or are they always lower-case?)

Neither. They are case-sensitive. There are mixed case package names as well in the package repository (such as unionFind wxOCaml CamelCase). The opam-repository git repository is manually maintained (i.e. pull requests are not automatically merged), and care is taken to not have package names that only differ in casing.

[another-rex]

@another-rex thanks for your review and insight. I pushed a commit with the formatted file.

A make lint didn't work for me - I'm using a FreeBSD laptop, and was afraid of the amount of dependencies. Hope that autoformat is sufficient.

EDIT: Sorry I messed up the git state and did a rebase onto master and a force-push.

No problem, we can do a final format pass on our end to pass the check.

[hannesm]

Thanks for your review @michaelkedar and @another-rex. Please let me know if there's anything else that needs to be done to get this merged.